Microsoft has announced plans to improve the security of Entra ID authentication by blocking unauthorized script injection attacks starting a year from now. The update to its Content Security Policy (CSP) aims to enhance the Entra ID sign-in experience at “login.microsoftonline[.]com” by only letting scripts from trusted Microsoft domains run. “This update strengthens security and
Read More
A team of academics from ETH Zürich and Google has discovered a new variant of a RowHammer attack targeting Double Data Rate 5 (DDR5) memory chips from South Korean semiconductor vendor SK Hynix. The RowHammer attack variant, codenamed Phoenix (CVE-2025-6202, CVSS score: 7.1), is capable of bypassing sophisticated protection mechanisms put in place to resist the attack. “We have proven that reliably triggering
Read More
Apple on Monday backported fixes for a recently patched security flaw that has been actively exploited in the wild. The vulnerability in question is CVE-2025-43300 (CVSS score: 8.8), an out-of-bounds write issue in the ImageIO component that could result in memory corruption when processing a malicious image file. “Apple is aware of a report that
Read More
A threat actor has breached the internal systems of F5, Inc. (F5), a prominent American technology firm specializing in application security and delivery. In a disclosure filed with the U.S. Securities and Exchange Commission, F5 attributed the intrusion to a “highly sophisticated nation-state threat actor” who maintained long-term, persistent access to critical company environments. The
Read More
Our mission is to educate our customer base, build capacity in every country we operate in and make cyber security affordable to all